CN110704399B - Distributed authority management method based on geographic spatial position - Google Patents
Distributed authority management method based on geographic spatial position Download PDFInfo
- Publication number
- CN110704399B CN110704399B CN201910950247.2A CN201910950247A CN110704399B CN 110704399 B CN110704399 B CN 110704399B CN 201910950247 A CN201910950247 A CN 201910950247A CN 110704399 B CN110704399 B CN 110704399B
- Authority
- CN
- China
- Prior art keywords
- user
- data
- authority
- spatial
- space
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/21—Design, administration or maintenance of databases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2455—Query execution
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/29—Geographical information databases
Abstract
The invention discloses a distributed authority management method based on geographic spatial positions, which comprises the steps that a super user has authority of all data, the super user establishes a root level user and a data access range, the root level user can freely divide an authorized space region into sub regions in any form and authorizes the sub regions to lower level users; the subordinate user continues the process of zone division and authorization. The distributed authority management method based on the geographic spatial position limits the acquisition and modification of data by a user by setting the spatial position range of the user operation data, can grant the authority range owned by the user to others, ensures the stability of authorization and the safety of the data, ensures the flexibility of authorization change, can be applied to a large-scale authority management system, simplifies the difficulty of spatial data operation, and enables a programmer to realize various spatial operations by using an expanded SQL statement.
Description
Technical Field
The invention relates to the technical fields of Geographic Information Systems (GIS), authority management, spatial databases and the like, in particular to a distributed authority management method based on geographic spatial positions.
Background
Rights management is a fundamental function that is essential to any multi-person system. The larger the system, the more people used, the more data, the more complex the data structure, the wider the system has spanning access, and the higher the requirement on the authority.
Rights management involves two things, first, how to restrict access to an operator's data; second, how to authorize.
For small and medium-sized systems, a centralized authorization mode can be adopted, the system is provided with an administrator, and the administrator centrally manages the authority of each user. For a large-scale system, a centralized authorization mode obviously cannot meet the requirements, and only distributed authorization can be adopted.
With the rapid development of the GIS technology, the remote sensing technology, the communication technology and the database technology, various space data in the sea are filling every space of our daily work and life. Therefore, utilization and management of spatial data are important functions of many systems. Meanwhile, the combination of the GIS and the database simplifies the difficulty of spatial data operation, PostgreSQL and POSTGIS are the examples of the combination, and programmers can realize various spatial operations by using expanded SQL statements.
Disclosure of Invention
The invention aims to overcome the defects in the background technology, and provides a distributed authority management method based on geographic spatial positions, which limits the acquisition and modification of data by a user by setting the spatial position range of user operation data, and can grant the authority range owned by the user to others.
In order to achieve the technical effects, the invention adopts the following technical scheme:
a distributed authority management method based on geographic spatial position is applied to an authority management system and comprises a distributed authority establishing process and a user authority changing process; the distributed authority establishing process comprises the following steps:
s101, a super user creates root level users and sets a space range of authorized access data of each root level user;
s102, dividing sub-areas with any forms and sizes in a space range in which a root-level user is authorized to access data; when the user grants the space region right of the subordinate user, the space region right must be limited in a region allowed by the user;
s103, the root level user establishes subordinate users of the space region authorized to access the data, and respectively grants the space region range of the accessible data to each subordinate user;
s104, the subordinate user establishes a space area range of the subordinate user and grants the accessible data to the subordinate user according to the modes of the step S102 and the step S103;
the user permission changing process comprises the following steps:
s201, a space area range of the user U2 with the changed authority, which can access data, is changed and set to be a new space area A2 by a superior user U1 of the user U2 with the changed authority;
s202, automatically changing the space area A3 of the originally accessible data of all the direct subordinate user sets U3 of the U2 by the authority management system, namely intersecting the space area A3 with the space area A2 to obtain an intersection space area A4;
s203, taking the space area A4 as a space area which is newly accessible to data by a user U3 and saving the space area;
s204, recursively executing the step S201 and the step S202 on all subordinate users of the user U3 to finish the updating of the spatial regions of the accessible data of all subordinate users of the user U2; after the space region authorization of the user is changed, the system automatically and recursively changes the space region authorization of all subordinate users of the user;
the distributed authority management method based on the geographic spatial position forms the following distributed authorization system through the mode: the super user has the authority of all data, the super user establishes a root level user and a data access range, the root level user can arbitrarily divide an authorized space region into sub regions in any form and authorizes the sub regions to lower level users; and the subordinate users continue the regional division and authorization process to form a distributed authorization system.
Further, the sub-area in the step S102 is represented by a polygon.
Further, the spatial region of accessible data of each subordinate user in step S103 ranges from a discrete plurality of polygons, where each polygon must be within the spatial region of the authorizer.
Further, in step S103, the spatial region ranges of accessible data of a plurality of subordinate users overlap.
Further, the data format of the access data is vector data, and the space authorized to access the data is vector space.
Further, when the spatial range of the authorized access data of each user is saved, the spatial vector object is specifically saved in the postgresql data table in a recorded manner, and the spatial attribute is saved in a field of a type of geometry or geometry.
Further, the authority management system adopts postgis as a spatial database engine of the system.
Compared with the prior art, the invention has the following beneficial effects:
the invention discloses a distributed authority management method based on geographic spatial position, which limits the acquisition and modification of data by users by setting the spatial position range of user operation data, and sets the authority range which can be owned by the users to others, thereby forming a distributed authorization system, in the system, each user has a determined spatial range which can access data, and if any user has the management authority of other users, the user can only grant the part of the data which can be accessed by the user to other users, and simultaneously, the user can not change the spatial region of the user and the spatial region of the superior user, thereby ensuring the stability of authorization, and realizing that if the authority of the granter is changed, the authority system can automatically change the authority range of the grantee, can be applied to a large authority management system, and simplifies the difficulty of spatial data operation, so that the programmer can realize various space operations by using the expanded SQL statement.
Drawings
FIG. 1 is a schematic overall flow chart of the distributed rights management method based on geospatial location of the present invention.
Fig. 2 is a schematic diagram of a distributed authority establishment process in the distributed authority management method based on geospatial location according to the present invention.
FIG. 3 is a schematic diagram illustrating a process of modifying spatial domain rights in the distributed rights management method based on geospatial location according to the present invention.
FIG. 4 is a schematic diagram illustrating a process of updating rights of a user space region in the distributed rights management method based on geospatial location according to the present invention.
Detailed Description
The invention will be further elucidated and described with reference to the embodiments of the invention described hereinafter.
Example (b):
the first embodiment is as follows:
as shown in fig. 1, a distributed rights management method based on geospatial location is applied to a large-scale rights management system, and relates to two aspects of establishing user spatial area data access rights and modifying spatial area data range. The method mainly comprises the steps that a super user establishes a spatial region authority range of a first-level user, the first-level user divides a spatial region of the first-level user into subregions with any size and any shape, wherein the subregions can be mutually overlapped but cannot exceed the spatial region of the user; the primary user can authorize the subspace to the secondary user; the secondary user imitates the primary user to establish a tertiary user and authorize; and the third-level user establishes a fourth-level user and authorizes the fourth-level user, and the third-level user and the fourth-level user are circularly progressed.
Specifically, as shown in fig. 2, a distributed authority establishing process in the distributed authority management method based on a geographic spatial location in this embodiment specifically includes the following steps:
step 1, a super user creates root level users (namely 1 level users) and sets a space range of authorized access data of each root level user;
step 2, dividing sub-areas with any forms and sizes in a space range of authorized access data of a root-level user; when the user grants the space region right of the subordinate user, the space region right must be limited in a region allowed by the user;
step 3, the root level user establishes subordinate users of the space region authorized to access the data, and respectively grants the space region range of the accessible data to each subordinate user;
and 4, the subordinate user establishes a space region range for the subordinate user to access data according to the modes of the step 2 and the step 3.
Fig. 3 shows a spatial region permission modification process in the distributed permission management method based on a geographic spatial location according to this embodiment, which specifically includes the following steps:
step 1, a superior user A of a user B with changed authority changes a space area range of accessible data of the user B with changed authority;
step 2, the system generates a corresponding space area Tb which is changed and can access data of the user B;
step 3, performing intersection operation on the space area Tb with the data access capability of the user B and the space area TA with the data access capability of the user A: TB ═ Tb ═ TA;
step 4, taking TB as a space area of accessible data of the final user B;
and 5, cascading and updating the space areas of all the descendant users of the user B, which can access data.
As shown in fig. 4, a process for updating spatial domain permissions of a user in a distributed permission management method based on a geographic spatial location according to this embodiment is automatically executed in a system after the spatial domain permissions of the user are modified, and specifically includes the following steps:
step 1, taking a space area TF of a User which can access data;
step 2, taking a direct subordinate User set Sons of the User;
and 3, executing the following operations on each user Son in the set Sons:
the first step is as follows: taking a space region Ts of accessible data of a user Son;
the second step is that: intersecting the space region Ts of the accessible data of the User Son with the space region TF of the accessible data of the User: TS ═ Ts ≈ TF;
the third step: taking the TS as a space region of accessible data of the final user Son and storing the TS;
the fourth step: and circulating the steps to finish the space region authority updating of all subordinate users of the User.
Specifically, in this embodiment, in all the implementation steps, the data format of the access data is vector data, the space authorized to access the data is vector space, when the space range authorized to access the data of each user is stored, the space vector object is specifically stored in a postgresql data table in a recorded manner, the space attribute is stored in a field with a type of georecord or geograph, and preferably, the authority management system uses postgis as a space database engine of the system.
It will be understood that the above embodiments are merely exemplary embodiments taken to illustrate the principles of the present invention, which is not limited thereto. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit and substance of the invention, and these modifications and improvements are also considered to be within the scope of the invention.
Claims (7)
1. A distributed authority management method based on geographic spatial position is applied to an authority management system and is characterized by comprising a distributed authority establishing process and a user authority changing process; the distributed authority establishing process comprises the following steps:
s101, a super user creates root level users and sets a space range of authorized access data of each root level user;
s102, dividing sub-areas with any forms and sizes in a space range in which a root-level user is authorized to access data;
s103, the root level user establishes subordinate users of the space region authorized to access the data, and respectively grants the space region range of the accessible data to each subordinate user;
s104, the subordinate user establishes a space area range of the subordinate user and grants the accessible data to the subordinate user according to the modes of the step S102 and the step S103;
the user permission changing process comprises the following steps:
s201, a space area range of the user U2 with the changed authority, which can access data, is changed and set to be a new space area A2 by a superior user U1 of the user U2 with the changed authority;
s202, automatically changing the space area A3 of the original accessible data of all the direct subordinate user sets U3 of the U2 by the authority management system, namely intersecting the space area A3 with a new space area A2 to obtain an intersection space area A4;
s203, taking the space area A4 as a space area which is newly accessible to data by a user U3 and saving the space area;
s204, step S201 and step S202 are executed recursively for all subordinate users of the user U3, and the updating of the spatial region of the accessible data of all subordinate users of the user U2 is completed.
2. The distributed rights management method based on geospatial location according to claim 1 wherein the sub-region is represented by a polygon in step S102.
3. The distributed rights management method based on geospatial location according to claim 2, wherein the spatial region range of accessible data of each subordinate user in step S103 is a plurality of discrete polygons.
4. The distributed rights management method based on geospatial location according to claim 2, wherein the spatial region ranges of accessible data of a plurality of subordinate users overlap in step S103.
5. The distributed rights management method based on geospatial location according to claim 1, wherein the data format of the access data is vector data, and the space authorized to access the data is vector space.
6. The distributed rights management method based on geospatial location according to claim 5, wherein the storing of the spatial range of the authorized access data of each user is to record the spatial vector object in a postgresql data table, and the spatial attribute is stored in a field with a type of geometry or geograph.
7. The distributed rights management system based on geospatial location according to claim 6, wherein the rights management system employs postgis as a spatial database engine of the system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910950247.2A CN110704399B (en) | 2019-10-08 | 2019-10-08 | Distributed authority management method based on geographic spatial position |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910950247.2A CN110704399B (en) | 2019-10-08 | 2019-10-08 | Distributed authority management method based on geographic spatial position |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110704399A CN110704399A (en) | 2020-01-17 |
| CN110704399B true CN110704399B (en) | 2020-09-15 |
Family
ID=69197087
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910950247.2A Active CN110704399B (en) | 2019-10-08 | 2019-10-08 | Distributed authority management method based on geographic spatial position |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110704399B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105023089A (en) * | 2015-01-07 | 2015-11-04 | 泰华智慧产业集团股份有限公司 | Urban management data monitoring system based on GIS platform and method thereof |
| CN108924115A (en) * | 2018-06-25 | 2018-11-30 | 武汉众智鸿图科技有限公司 | A kind of Simulation spatial service authority control method and system |
| CN109064111A (en) * | 2018-06-15 | 2018-12-21 | 南京云感物联科技有限公司 | A kind of multistage permission rural environments approaches to IM |
| CN110162960A (en) * | 2019-05-22 | 2019-08-23 | 陕西中达公路技术服务有限公司 | A kind of method for verifying authority based on user management |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105302845B (en) * | 2014-08-01 | 2018-11-30 | 华为技术有限公司 | Data information method of commerce and system |
-
2019
- 2019-10-08 CN CN201910950247.2A patent/CN110704399B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105023089A (en) * | 2015-01-07 | 2015-11-04 | 泰华智慧产业集团股份有限公司 | Urban management data monitoring system based on GIS platform and method thereof |
| CN109064111A (en) * | 2018-06-15 | 2018-12-21 | 南京云感物联科技有限公司 | A kind of multistage permission rural environments approaches to IM |
| CN108924115A (en) * | 2018-06-25 | 2018-11-30 | 武汉众智鸿图科技有限公司 | A kind of Simulation spatial service authority control method and system |
| CN110162960A (en) * | 2019-05-22 | 2019-08-23 | 陕西中达公路技术服务有限公司 | A kind of method for verifying authority based on user management |
Non-Patent Citations (1)
| Title |
|---|
| 基于角色的访问控制分级授权管理的研究;郭军;《中国优秀硕士学位论文全文数据库信息科技辑》;20130315;第I138-85页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110704399A (en) | 2020-01-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10380130B2 (en) | Querying spatial data in column stores using grid-order scans | |
| CN102165447B (en) | For managing the technology of the access of the organizational information for entity | |
| US9613055B2 (en) | Querying spatial data in column stores using tree-order scans | |
| CN100375971C (en) | System and method for hierarchical layout specialization | |
| CN104462362A (en) | Data storage, query and loading methods and devices | |
| CN109947889A (en) | Spatial data management method, apparatus, equipment and storage medium | |
| CN105224377A (en) | A kind of method by metadata automatic generating software project code file and device | |
| US20100114897A1 (en) | Indexing and searching a network of multi-faceted entity data | |
| CN107977446A (en) | A kind of memory grid data load method based on data partition | |
| CN104519072A (en) | Authority control method and device | |
| CN106845175B (en) | Method and device for setting data permission | |
| CN113282896A (en) | Authority management method and system | |
| JP2017531877A (en) | Access control for objects with attributes defined for a hierarchically organized domain containing a fixed number of values | |
| CN105303465B (en) | Tree view definition and methods of exhibiting based on CIM model | |
| CN110704399B (en) | Distributed authority management method based on geographic spatial position | |
| US9871796B1 (en) | Multi level decomposition for multi user CAx databases | |
| CN109684793A (en) | A method of data permission management is carried out based on permission domain structure tree | |
| CN101241503A (en) | Database personalized method | |
| CN101976242B (en) | Method for generating internal level coding of service object and system thereof | |
| Yu | Research of 4th generation GIS software | |
| CN102831264A (en) | Cartographic information conversion method based on computer-aided design (CAD) | |
| Bergamaschi et al. | Object Wrapper: an object-oriented interface for relational databases | |
| CN108764678A (en) | Industrial and mining enterprises' management information system based on Arcgis | |
| KR0175579B1 (en) | Version Control Method of Object-Oriented SDL Specification | |
| Osborn et al. | A methodology for managing roles in legacy systems |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |